<p>I would like to use something like that:</p> <pre class="prettyprint"><code>def answer_params params.require(:answer).permit!.without(:user_id) end </code></pre>

<p>will this work?</p> <pre class="prettyprint"><code>params.require(:answer).permit!.except(:user_id) </code></pre>

How to permit all attributes besides user_id using strong_parameters?

Tags:

2 Answers

will this work?

params.require(:answer).permit!.except(:user_id)

158

answered Sep 28 '22 07:09

I just want to put this out here, whitelisting is not DRY. Imagine a JSON API for a document based entry that could have up to 100 (or more) attributes (key value pairs). Generally the only pieces you need concern with are attributes that can escalate privileges like user_id.

answered Sep 28 '22 09:09

Jason Kenney

Recent Activity
Apple Pay - authorize.net returns error 153 only when live, sandbox works
How to continue cursor loop even error occured in the loop
python find all neighbours of a given node in a list of lists
Fatal error: Call to a member function setColumn() on a non-object in Magento
Count how many of each value from a field with MySQL and PHP
Python 32-bit development on 64-bit Windows [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!

Donate Us With

How to permit all attributes besides user_id using strong_parameters?

Tags:

ruby

ruby-on-rails

ruby-on-rails-4

strong-parameters

tomekfranek

2 Answers

jvnill

Jason Kenney

Recent Activity

Donate For Us

How to permit all attributes besides user_id using strong_parameters?

Tags:

ruby

ruby-on-rails

ruby-on-rails-4

strong-parameters

tomekfranek

2 Answers

jvnill

Jason Kenney

Related questions

Recent Activity

Donate For Us